CVE-2013-4616
https://notcve.org/view.php?id=CVE-2013-4616
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases. El método generateDefaultPassword en WifiPasswordController en las preferencias de iOS 6 y anteriores depende del método UITextChecker suggestWordInLanguage para la selección de puntos de acceso Wi-Fi con WPA2 PSK, lo que facilita a atacantes remotos el acceso a través de ataques de fuerza bruta que aprovecha el número limitado de posibles contraseñas (passphrases) a generar. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf http://www1.cs.fau.de/hotspot • CWE-255: Credentials Management Errors •
CVE-2013-3953
https://notcve.org/view.php?id=CVE-2013-3953
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. La función mach_port_space_info en osfmk/ipc/mach_debug.c en el kernel XNU en Apple Mac OS X 10.8.x, no inicializa determinadas estructuras, lo que permite a usuarios locales la obtención de información sensible a través de la memoria dinámica del kernel mediante una llamada manipulada. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 http://www.syscan.org/index.php/sg/program/day/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3954
https://notcve.org/view.php?id=CVE-2013-3954
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. La llamada al sistema posix_spawn en el kernel XNU en Apple MAc OS X v10.8.x no valida correctamente los datos para acciones de ficheros y puertos, lo que permite a usuarios locales (1) causar una denegación de servicio mediante un valor de tamaño inconsistente con el campo contador de la cabecera, o (2) obtener información sensible desde la memoria dinámica del kernel mediante un valor de cierto tamaño junto con un búfer especialmente diseñado. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 http://www.syscan.org/index.php/sg/program/day/2 • CWE-20: Improper Input Validation •
CVE-2013-1019 – Apple QuickTime Sorenson Video mdat Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1019
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo de película manipulado con la codificación Sorenson. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of a malformed Sorenson Video 3 mdat section in a QuickTime mov file. This can lead to memory corruption that could lead to remote code execution under the context of the process. • http://lists.apple.com/archives/security-announce/2013/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5770 http://support.apple.com/kb/HT5934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16830 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-2842 – Google Chrome 26.0.1410.43 (Webkit) - OBJECT Element Use-After-Free (PoC)
https://notcve.org/view.php?id=CVE-2013-2842
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. Vulnerabilidad de tipo "usar despues de liberar" en Google Chrome anterior a v27.0.1453.93 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificados realacionados con la manipulación de "widgets". • https://www.exploit-db.com/exploits/40243 http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://support.apple.com/kb/HT6001 http://www.debian.org/security/2013/dsa-2 • CWE-399: Resource Management Errors •